From 57de1d4ef98284c0b8e42a46cd3d8860f7855a0c Mon Sep 17 00:00:00 2001 From: Richard Millet Date: Mon, 14 Oct 2019 23:26:37 -0600 Subject: [PATCH] DRYD-764: Add authz checks before running report. --- .../batch/nuxeo/BatchDocumentModelHandler.java | 3 ++- .../collectionspace/services/common/api/Tools.java | 14 ++++++++++++++ .../report/nuxeo/ReportDocumentModelHandler.java | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java b/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java index 62898cd81..d02241f6f 100644 --- a/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java +++ b/services/batch/service/src/main/java/org/collectionspace/services/batch/nuxeo/BatchDocumentModelHandler.java @@ -49,6 +49,7 @@ import org.collectionspace.services.batch.ResourceActionGroupList; import org.collectionspace.services.client.PoxPayloadIn; import org.collectionspace.services.client.PoxPayloadOut; import org.collectionspace.services.common.ResourceMap; +import org.collectionspace.services.common.api.Tools; import org.collectionspace.services.common.authorization_mgt.ActionGroup; import org.collectionspace.services.common.context.ServiceContext; import org.collectionspace.services.common.document.BadRequestException; @@ -160,7 +161,7 @@ public class BatchDocumentModelHandler extends NuxeoDocumentModelHandler roleDisplayNameList = accountResource.getAccountRoles(AuthN.get().getUserId(), AuthN.get().getCurrentTenantId()); for (String target : forRolesList.getRoleDisplayName()) { - if (roleDisplayNameList.contains(target)) { + if (Tools.listContainsIgnoreCase(roleDisplayNameList, target)) { result = true; break; } 
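Review bot: The role check in the second BatchDocumentModelHandler.java hunk now passes on a partial name match, not only on a difference in case. `Tools.listContainsIgnoreCase` (added in Tools.java in this patch) tests each held role with `StringUtils.containsIgnoreCase`, which is a substring test, so a held role whose display name merely contains the required name satisfies the check, and an empty required name matches every non-null entry. For an authorization decision the helper should compare whole names, for example `if (listItem != null && listItem.equalsIgnoreCase(searchStr)) {`. The identical call is introduced in ReportDocumentModelHandler.java, so the report check is affected in the same way. The enclosing method starts and ends outside the hunk.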
diff --git a/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java b/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java index 09968b51a..599d83916 100644 --- a/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java +++ b/services/common-api/src/main/java/org/collectionspace/services/common/api/Tools.java @@ -28,6 +28,8 @@ import java.io.InputStream; import java.util.List; import java.util.Properties; import java.util.regex.Pattern; +import org.apache.commons.lang3.StringUtils; + import java.util.regex.Matcher; @@ -407,4 +409,16 @@ public class Tools { return true; } } + + static public boolean listContainsIgnoreCase(List theList, String searchStr) { + boolean result = false; + + for (String listItem : theList) { + if (StringUtils.containsIgnoreCase(listItem, searchStr)) { + return true; + } + } + + return result; + } } diff --git a/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java b/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java index 0795dc474..0a179a078 100644 --- a/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java +++ b/services/report/service/src/main/java/org/collectionspace/services/report/nuxeo/ReportDocumentModelHandler.java @@ -581,7 +581,7 @@ public class ReportDocumentModelHandler extends NuxeoDocumentModelHandler roleDisplayNameList = accountResource.getAccountRoles(AuthN.get().getUserId(), AuthN.get().getCurrentTenantId()); for (String target : forRolesList.getRoleDisplayName()) { - if (roleDisplayNameList.contains(target)) { + if (Tools.listContainsIgnoreCase(roleDisplayNameList, target)) { result = true; break; } -- 2.47.3
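Review bot: The new `listContainsIgnoreCase` in the second Tools.java hunk has no Javadoc, so callers that use it for access decisions cannot tell whether it compares whole strings or substrings, or how null elements and a null `searchStr` are treated. A short comment stating the contract would pin this down, for example `/** Returns true if any element of theList matches searchStr, ignoring case; nulls never match. */`, worded to whichever match semantics are intended. The local `result` is never reassigned, so the method can drop it and end with `return false;`. The modifiers would conventionally read `public static boolean`.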